Microsoft signing keys keep getting hijacked, to the delight of Chinese threat actors

Source

Enlarge (credit: Getty Images) In July, security researchers revealed a sobering discovery: hundreds of pieces of malware used by multiple hacker groups to infect Windows devices had been digitally signed and validated as safe by Microsoft itself. On Tuesday, a different set of researchers made a similarly solemn announcement: Microsoft’s digital keys had been hijacked to sign yet more malware for use by a previously unknown threat actor in a supply-chain attack that infected roughly 100 carefully selected victims. The malware, researchers from Symantec’s Threat Hunter Team reported, was digitally signed with a certificate for use in what is alternatively [...]